Chamilo

Chamilo Lms

80 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-50197

Exploit
  • EPSS 0.26%
  • Veröffentlicht 02.03.2026 15:18:06
  • Zuletzt bearbeitet 03.03.2026 18:44:38

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50196

Exploit
  • EPSS 0.19%
  • Veröffentlicht 02.03.2026 15:17:53
  • Zuletzt bearbeitet 03.03.2026 18:44:16

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50195

Exploit
  • EPSS 0.26%
  • Veröffentlicht 02.03.2026 15:16:59
  • Zuletzt bearbeitet 03.03.2026 18:43:56

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50194

Exploit
  • EPSS 0.26%
  • Veröffentlicht 02.03.2026 15:16:22
  • Zuletzt bearbeitet 03.03.2026 18:43:29

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50193

Exploit
  • EPSS 0.26%
  • Veröffentlicht 02.03.2026 15:16:02
  • Zuletzt bearbeitet 03.03.2026 18:43:16

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.

9.8

CVE-2025-50192

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.03.2026 14:54:06
  • Zuletzt bearbeitet 03.03.2026 19:13:20

Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50191

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.03.2026 14:53:36
  • Zuletzt bearbeitet 03.03.2026 19:13:46

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.

9.8

CVE-2025-50190

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.03.2026 14:53:15
  • Zuletzt bearbeitet 03.03.2026 19:14:03

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.

8.8

CVE-2025-50189

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.03.2026 14:49:09
  • Zuletzt bearbeitet 03.03.2026 19:13:01

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/...

7.2

CVE-2025-50188

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.03.2026 14:47:03
  • Zuletzt bearbeitet 03.03.2026 19:12:46

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugi...